![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
lblanchardHere's a cheerful note about online medical records:
Hackers break into Virginia Health Professions Database, Demand Ransom
If you follow this Washington Post story back to Wikileaks, you can see a replica of the taunting message left on the site's home page.
Hackers break into Virginia Health Professions Database, Demand Ransom
If you follow this Washington Post story back to Wikileaks, you can see a replica of the taunting message left on the site's home page.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2009-05-05 04:46 pm (UTC)(Checks the article)
Ah, I see.
What happened was, someone broke in (presumably digitally), erased the records, and encrypted the backups.
So, it *is* loss of the records that's at risk.
When done properly, a database of sensitive information will be encrypted, so that no one can read the records without the key. Now, if someone can get the key, they can pull the unencrypted information, but that's always going to be a risk. That's the same risk as hospital employees revealing confidential health records (e.g., of celebrities).
Attackers can threaten loss of the data - they can erase the files - but typically can't threaten revelation of the data because they can't read the records. And proper encryption takes a good many years to break, even using the fastest publicly-available systems. (The NSA might be able to do it faster - if so, they ain't telling.)
no subject
Date: 2009-05-05 06:59 pm (UTC)They may or may not have actually done it.
If I were the health folks, I'd lock that sucker down tight as a drum until I could be sure they hadn't run off with anything. And I wouldn't say jack until I knew.